EAP-TTLS (PAP) not working with NT domain - debian freeradius 1.1.7

Alan DeKok aland at deployingradius.com
Fri Mar 21 15:43:03 CET 2008


James McOrmond wrote:
> With that, and a few configuration options (like making sure the host
> was connected to the domain and ntlm_auth functioned as required), I've
> managed to get PEAP and EAP-MSCHAPv2 working fine to the ntdomain.

  The guides for *that* are online.

> EAP-TTLS works fine with an account in the "users" file that has a clear
> text password, as well as a local /etc/password account.  Ideally this
> should work with the ntdomain as well.

  Yes.  You will need to configure a *separate* module to do ntlm_auth
authentication via PAP.

  Something like:

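  exec ntlm_auth_pap {
		# wait for the program to finish so its exit status is used
		wait = yes
		# expand attributes from the request list
		input_pairs = request
		# escape attribute values placed on the command line
		shell_escape = yes
		output = none
		# the program string must stay on a single line
		program = "/path/to/ntlm_auth --username=%{User-Name} --domain=DOMAIN --password=%{User-Password}"
  }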

  See 'exec echo' example for more docs.

  Then in the authenticate section, do:

	Auth-Type PAP {
		ntlm_auth_pap
	}

  That will force *all* PAP requests to use ntlm_auth, but it will work.

  Alan DeKok.


